chore: validate S3 import and iam_roles new association resource

bryantbiggs · bryantbiggs · commit d05ed10df0b0 · 2021-10-25T12:07:33.000-04:00
diff --git a/README.md b/README.md
@@ -307,7 +307,7 @@ No modules.
 | <a name="input_iam_role_path"></a> [iam\_role\_path](#input\_iam\_role\_path) | Path for the monitoring role | `string` | `null` | no |
 | <a name="input_iam_role_permissions_boundary"></a> [iam\_role\_permissions\_boundary](#input\_iam\_role\_permissions\_boundary) | The ARN of the policy that is used to set the permissions boundary for the monitoring role | `string` | `null` | no |
 | <a name="input_iam_role_use_name_prefix"></a> [iam\_role\_use\_name\_prefix](#input\_iam\_role\_use\_name\_prefix) | Determines whether to use `iam_role_name` as is or create a unique name beginning with the `iam_role_name` as the prefix | `bool` | `false` | no |
-| <a name="input_iam_roles"></a> [iam\_roles](#input\_iam\_roles) | Map of IAM roles and supported feature names to associate with the cluster | `map(string)` | `{}` | no |
+| <a name="input_iam_roles"></a> [iam\_roles](#input\_iam\_roles) | Map of IAM roles and supported feature names to associate with the cluster | `map(map(string))` | `{}` | no |
 | <a name="input_instance_class"></a> [instance\_class](#input\_instance\_class) | Instance type to use at master instance. Note: if `autoscaling_enabled` is `true`, this will be the same instance class used on instances created by autoscaling | `string` | `""` | no |
 | <a name="input_instance_timeouts"></a> [instance\_timeouts](#input\_instance\_timeouts) | Create, update, and delete timeout configurations for the cluster instance(s) | `map(string)` | `{}` | no |
 | <a name="input_instances"></a> [instances](#input\_instances) | Map of cluster instances and any specific/overriding attributes to be created | `any` | `{}` | no |
diff --git a/examples/s3_import/main.tf b/examples/s3_import/main.tf
@@ -125,7 +125,12 @@ module "aurora" {
   create_security_group  = true
   allowed_cidr_blocks    = module.vpc.private_subnets_cidr_blocks
 
-  iam_database_authentication_enabled = true
+  iam_roles = {
+    s3_import = {
+      role_arn     = aws_iam_role.s3_import.arn
+      feature_name = "s3Import"
+    }
+  }
 
   # S3 import https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.LoadFromS3.html
   s3_import = {
@@ -134,7 +139,6 @@ module "aurora" {
     ingestion_role        = aws_iam_role.s3_import.arn
   }
 
-  apply_immediately   = true
   skip_final_snapshot = true
 
   db_parameter_group_name         = aws_db_parameter_group.example.id
diff --git a/variables.tf b/variables.tf
@@ -347,7 +347,7 @@ variable "endpoints" {
 # aws_rds_cluster_role_association
 variable "iam_roles" {
   description = "Map of IAM roles and supported feature names to associate with the cluster"
-  type        = map(string)
+  type        = map(map(string))
   default     = {}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -347,7 +347,7 @@ variable "endpoints" {`
`347`	`347`	`# aws_rds_cluster_role_association`
`348`	`348`	`variable "iam_roles" {`
`349`	`349`	`description = "Map of IAM roles and supported feature names to associate with the cluster"`
`350`		`- type = map(string)`
	`350`	`+ type = map(map(string))`
`351`	`351`	`default = {}`
`352`	`352`	`}`
`353`	`353`